Kenneth Lausdahl

The overture initiative integrating tools for VDM

Overture is a community-based initiative that aims to develop a common open-source platform integrating a range of tools for constructing and analysing formal models of systems using VDM. The mission is to both provide an industrial-strength tool set for VDM and also to provide an environment that allows researchers and other stakeholders to experiment with modifications and extensions to the tools and language. This paper presents the current status and future vision of the Overture project.

Combinatorial Testing for VDM

Combinatorial testing in VDM involves the automatic generation and execution of a large collection of test cases derived from templates provided in the form of trace definitions added to a VDM specification. The main value of this is the rapid detection of run-time errors caused by forgotten preconditions as well as broken invariants and post-conditions. Trace definitions are defined as regular expressions describing possible sequences of operation calls, and are conceptually similar to UML sequence diagrams. In this paper we present a tool enabling test automation based on VDM traces, and explain how it is possible to reduce large collections of test cases in different ways. Its use is illustrated with a small case study.

A Deterministic Interpreter Simulating A Distributed real time system using VDM

The real time dialect of VDM, called VDM-RT, contains constructs for describing concurrent threads, synchronisation of such threads and the distribution of object instances and their threads over multiple CPUs with busses connecting them. Tools that simulate an executable subset of VDM-RT models benefit from being deterministic so that problems are reproducible and can be more easily investigated. We describe the deterministic scheduling features of our VDM-RT interpreter, and show how multi-threaded models can also be debugged deterministically.

Connecting UML and VDM++ with Open Tool Support

Most formal method notations are text based, while tools used in industry often use graphical notations, such as UML. This paper demonstrates how the power of both approaches can be combined by providing the automatic translation of VDM++ models to and from UML. The translation is implemented as a plugin for the popular Eclipse development environment by the open-source Overture initiative. Both UML class diagrams and sequence diagrams can be translated, the latter enabling the novel ability to link with the combinatorial test facility of Overture.

Combining VDM with executable code

Formal methods have been used and successfully applied to a wide range of industrial applications for many years. However formal methods can be difficult to comprehend for outsiders and the link of formal models and external subsystems which are not modelled can be unclear. In this paper we present an approach which allows formal models to be more easily shared with external stakeholders and enables integration with external code. We demonstrate how an existing interpreter for an executable subset of VDM is extended enabling the combination of formal models with executable code. This eases the way in which a formal model can communicate with an external implementation or be used in graphical prototyping. A small case study is used to demonstrate how the approach can be utilized. In this paper the technique is used to combine VDM and Java, but the principles presented can be seen as a general approach for expanding the capabilities of formal modelling tools with interpretation capabilities.

Translating VDM to Alloy

The Vienna Development Method is one of the longest established formal methods. Initial software design is often best described using implicit specifications but limited tool support exists to help with the difficult task of validating that such specifications capture their intended meaning. Traditionally, theorem provers are used to prove that specifications are correct but this process is highly dependent on expert users. Alternatively, model finding has proved to be useful for validation of specifications. The Alloy Analyzer is an automated model finder for checking and visualising Alloy specifications. However, to take advantage of the automated analysis of Alloy, the model-oriented VDM specifications must be translated into a constraint-based Alloy specifications. We describe how a subset of VDM can be translated into Alloy and how assertions can be expressed in VDM and checked by the Alloy Analyzer.

Distributed co-simulation of embedded control software with exhaust gas recirculation water handling system using INTO-CPS

Engineering complex Cyber-Physical Systems, such as emission reduction control systems for large two-stroke engines, require advanced modelling of both the cyber and physical aspects. Different tools are specialised for each of these domains and a combination of tools validating different properties is often desirable. However, it is non-trivial to be able to combine such different models of different constituent elements. In order to reduce the need for expensive tests on the real system it is advantageous to be able to combine such heterogeneous models in a joint co-simulation in order to reduce the overall costs of validation. This paper demonstrates how this can be achieved for a commercial system developed by MAN Diesel & Turbo using a newly developed tool chain based on the Functional Mock-up Interface standard for co-simulation supporting different operating systems. The generality of the suggested approach also enables future scenarios incorporating constituent models supplied by sub-suppliers while protecting their Intellectual Property.

Migrating to an Extensible Architecture for Abstract Syntax Trees

We present and analyse an architectural migration in the Overture tool, a tool for which the primary internal data structure is an Abstract Syntax Tree (AST). The migration was from a high-cohesion AST with functionality encapsulated in its nodes to an extensible, low-cohesion AST with functionality implemented in visitors. This was motivated by the need for a high degree of extensibility in the tools core functionality. We describe the migration process and both architectures in detail. We also present a comparative analysis between both architectures, including the trade-offs made between extensibility and performance. Finally, we generalise these results to other tool migrations that have hierarchical data structures at their core.

Support for Co-modelling and Co-simulation: The Crescendo Tool

We describe tool support for multidisciplinary modelling of embedded systems using the Crescendo tool which allows discrete-event models given in the VDM notation using the Overture tool to co-simulate with continuous-time models that are developed using the 20-sim tool. The linking of discrete and continuous models via contracts, and co-simulation under the control of predefined scenarios injecting disturbances are presented.

Towards Enabling Overture as a Platform for Formal Notation IDEs.

Formal Methods tools will never have as many users as tools for popular programming languages and so the effort spent on constructing Integrated Development Environments (IDEs) will be orders of magnitudes lower than that of programming languages such as Java. This means newcomers to formal methods do not get the same user experience as with their favourite programming IDE. In order to improve this situation it is essential that efforts are combined so it is possible to reuse common features and thus not start from scratch every time. This paper presents the Overture platform where such a reuse philosophy is present. We give an overview of the platform itself as well as the extensibility principles that enable much of the reuse. The paper also contains several examples platform extensions, both in the form of new features and a new IDE supporting a new language.